According to a non-security alert seen by BleepingComputer, Microsoft is warning several users about a campaign in which ransomware operators use malvertising to push fake Microsoft Teams updates that install backdoor malware on users' systems. The operators have been found to deploy ransomware eventually. Microsoft has also suggested some measures to avoid such attacks.
Installing Backdoors to Steal Data and Encrypt
Microsoft has detected a malicious campaign and reported it to some users in a non-security alert. In it, ransomware groups use malvertising (malicious advertising) to lure Microsoft Teams users into installing malware. The campaign starts with the ransomware operators compromising search engine results or buying ad units to advertise in them.
The attackers have chosen Microsoft Teams as their bait: they craft a fake Teams update and place it at the top of the results. When an unsuspecting user clicks on that ad and visits the website to download the update, they are actually installing malware. The landing website is also reported to be operated by the attackers.
The malware installed at this stage consists of backdoors, which Microsoft's alert says use PowerShell to steal confidential data from users. Other malware noted includes the Bladabindi (NJRat) backdoor and the ZLoader stealer, as well as Predator, an info stealer that extracts passwords, browser cookies, etc.
Finally, the attackers have been found to drop the WastedLocker ransomware. The alert also describes Cobalt Strike beacons being dropped before this stage. Cobalt Strike is a legitimate tool for testing bugs in software, but hackers have actively abused it to find loopholes in a network. Here it was used for moving laterally through the network.